[FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fix base_output_dirname is null when basename_size is 0 bug

Marton Balint cus at passwd.hu
Wed Nov 1 20:55:06 EET 2017


On Sun, 29 Oct 2017, Liu Steven wrote:

>
>> 在 2017年10月26日,上午7:54,Steven Liu <lq at chinaffmpeg.org> 写道:
>> 
>> fix ticket id: #6777
>> when the hls_segment_filename argument is used, basename_size will be 0
>> 
>> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
>> ---
>> libavformat/hlsenc.c | 16 +++++++++++-----
>> 1 file changed, 11 insertions(+), 5 deletions(-)
>> 
>> diff --git a/libavformat/hlsenc.c b/libavformat/hlsenc.c
>> index 418f153c6f..55ce800c5a 100644
>> --- a/libavformat/hlsenc.c
>> +++ b/libavformat/hlsenc.c
>> @@ -1335,6 +1335,7 @@ static int hls_write_header(AVFormatContext *s)
>>     AVDictionary *options = NULL;
>>     int basename_size = 0;
>>     int vtt_basename_size = 0;
>> +    int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1;
>>
>>     if (hls->segment_type == SEGMENT_TYPE_FMP4) {
>>         pattern = "%d.m4s";
>> @@ -1445,7 +1446,6 @@ static int hls_write_header(AVFormatContext *s)
>>     }
>>
>>     if (av_strcasecmp(hls->fmp4_init_filename, "init.mp4")) {
>> -        int fmp4_init_filename_len = strlen(hls->fmp4_init_filename) + 1;
>>         hls->base_output_dirname = av_malloc(fmp4_init_filename_len);
>>         if (!hls->base_output_dirname) {
>>             ret = AVERROR(ENOMEM);
>> @@ -1453,19 +1453,25 @@ static int hls_write_header(AVFormatContext *s)
>>         }
>>         av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len);
>>     } else {
>> -        hls->base_output_dirname = av_malloc(basename_size);
>> +        if (basename_size > 0) {
>> +            hls->base_output_dirname = av_malloc(basename_size);
>> +        } else {
>> +            hls->base_output_dirname = av_malloc(strlen(hls->fmp4_init_filename));
>> +        }
>>         if (!hls->base_output_dirname) {
>>             ret = AVERROR(ENOMEM);
>>             goto fail;
>>         }
>> 
>> -        av_strlcpy(hls->base_output_dirname, s->filename, basename_size);
>> -        p = strrchr(hls->base_output_dirname, '/');
>> +        if (basename_size > 0) {
>> +            av_strlcpy(hls->base_output_dirname, s->filename, basename_size);
>> +            p = strrchr(hls->base_output_dirname, '/');
>> +        }
>>         if (p) {
>>             *(p + 1) = '\0';
>>             av_strlcat(hls->base_output_dirname, hls->fmp4_init_filename, basename_size);
>>         } else {
>> -            av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, basename_size);
>> +            av_strlcpy(hls->base_output_dirname, hls->fmp4_init_filename, fmp4_init_filename_len);
>>         }
>>     }
>> 
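Review bot: The `basename_size == 0` branch allocates only `strlen(hls->fmp4_init_filename)` bytes, leaving no room for the terminating NUL, while the final `av_strlcpy` in the inner `else` arm is told the destination holds `fmp4_init_filename_len` (strlen + 1) bytes, so it writes one byte past the block. Allocate with the length that is later passed as the size: `hls->base_output_dirname = av_malloc(fmp4_init_filename_len);`. The same copy is also reached when `basename_size > 0` and no '/' is found, where the buffer is `basename_size` bytes, so the size argument should be whatever was actually allocated rather than always `fmp4_init_filename_len`. In addition, `p` is now assigned only under `basename_size > 0`; if it still holds a value from earlier in hls_write_header (not visible in this hunk), `*(p + 1) = '\0'` would write through a stale pointer, so set `p = NULL;` before the `if (p)` test.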
>> -- 
>> 2.11.0 (Apple Git-81)
>> 
>
> Applied!
>

This breaks fate-filter-hls-append; ffmpeg crashes or loops forever for
me:

==8410== Invalid write of size 1
==8410==    at 0x102DD63: av_strlcpy (avstring.c:89)
==8410==    by 0x6627D9: hls_write_header (hlsenc.c:1474)
==8410==    by 0x6BD7E1: write_header_internal (mux.c:466)
==8410==    by 0x6BF678: avformat_write_header (mux.c:519)
==8410==    by 0x4A74D8: check_init_output_file (ffmpeg.c:2933)
==8410==    by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572)
==8410==    by 0x4AC645: reap_filters (ffmpeg.c:1424)
==8410==    by 0x48F45E: transcode_step (ffmpeg.c:4540)
==8410==    by 0x48F45E: transcode (ffmpeg.c:4584)
==8410==    by 0x48F45E: main (ffmpeg.c:4790)
==8410==  Address 0xb3ded28 is 0 bytes after a block of size 8 alloc'd
==8410==    at 0x4C2B5D0: memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8410==    by 0x4C2B6E7: posix_memalign (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8410==    by 0x1044809: av_malloc (mem.c:87)
==8410==    by 0x661DC0: hls_write_header (hlsenc.c:1459)
==8410==    by 0x6BD7E1: write_header_internal (mux.c:466)
==8410==    by 0x6BF678: avformat_write_header (mux.c:519)
==8410==    by 0x4A74D8: check_init_output_file (ffmpeg.c:2933)
==8410==    by 0x4A8A55: init_output_stream.constprop.22 (ffmpeg.c:3572)
==8410==    by 0x4AC645: reap_filters (ffmpeg.c:1424)
==8410==    by 0x48F45E: transcode_step (ffmpeg.c:4540)
==8410==    by 0x48F45E: transcode (ffmpeg.c:4584)
==8410==    by 0x48F45E: main (ffmpeg.c:4790)
==8410==

Regards,
Marton

